From 7a801a842c7c6636c654489cb53bb8271c6927c8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 10 May 2009 10:49:18 +0200 Subject: [PATCH] Allow NULL queue to writev_send Fix bug #8086 - null pointer reference crashes winbind. --- lib/async_req/async_sock.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index 39705f45bb2..c428e3c6632 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -387,11 +387,11 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct tevent_queue *queue, int fd, struct iovec *iov, int count) { - struct tevent_req *result; + struct tevent_req *req; struct writev_state *state; - result = tevent_req_create(mem_ctx, &state, struct writev_state); - if (result == NULL) { + req = tevent_req_create(mem_ctx, &state, struct writev_state); + if (req == NULL) { return NULL; } state->ev = ev; @@ -404,12 +404,22 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, goto fail; } - if (!tevent_queue_add(queue, ev, result, writev_trigger, NULL)) { + if (queue == NULL) { + struct tevent_fd *fde; + fde = tevent_add_fd(state->ev, state, state->fd, + TEVENT_FD_WRITE, writev_handler, req); + if (tevent_req_nomem(fde, req)) { + return tevent_req_post(req, ev); + } + return req; + } + + if (!tevent_queue_add(queue, ev, req, writev_trigger, NULL)) { goto fail; } - return result; + return req; fail: - TALLOC_FREE(result); + TALLOC_FREE(req); return NULL; } -- 2.11.4.GIT